CVSSv3 01/22/2022

CVSSv3 Base

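| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 18 | 7 | 11 | 17 | 9 | 0 | 0 |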

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

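| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 1 | 17 | 8 | 14 | 13 | 9 | 0 | 0 |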

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. These include reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

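| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 2 | 20 | 10 | 9 | 12 | 9 | 0 | 0 |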

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

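| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |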

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

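| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 1 | 0 | 5 | 8 | 13 | 3 | 0 |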

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

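| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |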

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

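| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |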

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 191456 | 5.4 | 4.3 | | 6.5 | | | star7th showdoc cross site scripting | 0.00 | CVE-2021-4172 |
| 191455 | 3.5 | 3.5 | | | | | phpMyAdmin Setup cross site scripting | 0.16 | CVE-2022-23808 |
| 191454 | 6.3 | 6.3 | | | | | phpMyAdmin Two-factor Authentication improper authentication | 0.00 | CVE-2022-23807 |
| 191453 | 3.5 | 3.5 | | | | | spotweb Login Page cross site scripting | 0.05 | CVE-2021-33966 |
| 191452 | 7.8 | 7.8 | | 7.8 | | | Dell EMC Virtual Appliances hard-coded credentials | 0.03 | CVE-2021-36339 |
| 191451 | 4.8 | 4.3 | | 5.4 | | | Fresenius Kabi Vigilant Software Suite Mastermed Dashboard cross site scripting | 0.03 | CVE-2021-33848 |
| 191450 | 6.9 | 5.3 | | 8.6 | | | isomorphic-git cors-proxy server-side request forgery | 0.04 | CVE-2021-23664 |
| 191449 | 4.3 | 2.1 | | 6.5 | | | Fresenius Kabi Vigilant MasterMed credentials storage | 0.00 | CVE-2021-23207 |
| 191448 | 6.3 | 4.3 | | 8.3 | | | Dell EMC AppSync GET Request information disclosure | 0.04 | CVE-2022-22551 |
| 191447 | 5.4 | 4.3 | | 6.5 | | | graphql-go resource consumption | 0.04 | CVE-2022-21708 |
| 191446 | 5.9 | 5.5 | | 6.3 | | | wasmCloud OTP Host Runtime authorization | 0.03 | CVE-2022-21707 |
| 191445 | 3.5 | 3.5 | | | | | GPAC vrml_route.c gf_sg_destroy_routes null pointer dereference | 0.06 | CVE-2021-46311 |
| 191444 | 3.5 | 3.5 | | | | | GPAC scene_dump.c gf_dump_vrml_sffield null pointer dereference | 0.04 | CVE-2021-46240 |
| 191443 | 3.5 | 3.5 | | | | | GPAC base_scenegraph.c gf_node_unregister denial of service | 0.05 | CVE-2021-46237 |
| 191442 | 3.5 | 3.5 | | | | | GPAC vrml_tools.c gf_sg_vrml_field_pointer_del null pointer dereference | 0.03 | CVE-2021-46236 |
| 191441 | 3.5 | 3.5 | | | | | GPAC base_scenegraph.c gf_node_unregister null pointer dereference | 0.00 | CVE-2021-46234 |
| 191440 | 5.9 | 5.5 | | 6.3 | | | Dell Unisphere for PowerMax access control | 0.00 | CVE-2021-36338 |
| 191439 | 3.5 | 3.5 | | | | | LG Smartphone AT Command denial of service | 0.03 | CVE-2022-23728 |
| 191438 | 6.3 | 6.3 | | 6.3 | | | Fresenius Kabi Vigilant Software Suite Mastermed Dashboard hard-coded credentials | 0.03 | CVE-2021-44464 |
| 191437 | 6.3 | 5.3 | | 7.3 | | | Fresenius Kabi Vigilant Software Suite Mastermed Dashboard information disclosure | 0.04 | CVE-2021-43355 |
| 191436 | 4.0 | 2.2 | | 5.9 | | | Fresenius Kabi Vigilant Software Suite risky encryption | 0.03 | CVE-2021-33846 |
| 191435 | 5.3 | 5.3 | | 5.3 | | | Fresenius Kabi Agilia Link+ Default Configuration Page file access | 0.03 | CVE-2021-33843 |
| 191434 | 5.1 | 3.7 | | 6.5 | | | Fresenius Kabi Agilia Link+ TLS Configuration risky encryption | 0.04 | CVE-2021-31562 |
| 191433 | 6.4 | 5.3 | | 7.5 | | | convert-svg-core SVG File information disclosure | 0.10 | CVE-2021-23631 |
| 191432 | 7.3 | 7.3 | | 7.3 | | | cached-path-relative code injection | 0.03 | CVE-2021-23518 |
| 191431 | 7.3 | 7.3 | | 7.3 | | | Fresenius Kabi Agilia Link+ access control | 0.03 | CVE-2021-23233 |
| 191430 | 7.3 | 7.3 | | 7.3 | | | Fresenius Kabi Agilia Link+ Web Application insufficiently protected credentials | 0.04 | CVE-2021-23196 |
| 191429 | 4.8 | 4.3 | | 5.3 | | | Fresenius Kabi Vigilant Software Suite Web Server file access | 0.04 | CVE-2021-23195 |
| 191428 | 5.3 | 5.3 | | 5.3 | | | mustache Template Engine input validation | 0.00 | CVE-2022-0323 |
| 191427 | 4.2 | 4.3 | | 4.0 | | | Rapid7 Insight Agent access control | 0.03 | CVE-2021-4016 |
| 191426 | 3.3 | 3.3 | | | | | Mitsubishi Electric MC Works64/ICONICS GENESIS64 GridWorX cleartext storage | 0.05 | CVE-2022-23129 |
| 191425 | 3.5 | 3.5 | | | | | Sidekiq Web UI api.rb resource consumption | 0.06 | CVE-2022-23837 |
| 191424 | 5.6 | 3.1 | | 8.1 | | | Dell EMC AppSync UI/CLI excessive authentication | 0.03 | CVE-2022-22553 |
| 191423 | 3.5 | 3.5 | | | | | GPAC MP4Box __memmove_avx_unaligned_erms denial of service | 0.00 | CVE-2021-46313 |
| 191422 | 3.5 | 3.5 | | | | | HDF5 H5T.c H5T__complete_copy divide by zero | 0.03 | CVE-2021-46244 |
| 191421 | 3.5 | 3.5 | | | | | HDF5 H5Odtype.c H5O__dtype_decode_helper denial of service | 0.05 | CVE-2021-46243 |
| 191420 | 3.5 | 3.5 | | | | | GPAC MP4Box alloc.c gf_free denial of service | 0.04 | CVE-2021-46239 |
| 191419 | 3.5 | 3.5 | | | | | GPAC base_scenegraph.c gf_node_get_name denial of service | 0.04 | CVE-2021-46238 |
| 191418 | 3.5 | 3.5 | | | | | Bingrep denial of service | 0.03 | CVE-2021-39480 |
| 191417 | 4.3 | 4.3 | | | | | Mitsubishi Electric MC Works64 Configuration File buffer overflow | 0.00 | CVE-2022-23130 |
| 191416 | 6.3 | 6.3 | | | | | Sourcecodester Budget and Expense Tracker System sql injection | 0.09 | CVE-2021-40247 |
| 191415 | 6.4 | 5.3 | | 7.5 | | | min-dash Key Type code injection | 0.04 | CVE-2021-23460 |
| 191414 | 6.3 | 6.3 | | | | | Sourcecodester Employee and Visitor Gate Pass Logging System sql injection | 0.06 | CVE-2021-46309 |
| 191413 | 6.3 | 6.3 | | | | | Sourcecodester Online Railway Reservation System sql injection | 0.06 | CVE-2021-46308 |
| 191412 | 5.9 | 5.0 | | 6.9 | | | Dell EMC AppSync improper restriction of rendered ui layers | 0.04 | CVE-2022-22552 |
| 191411 | 5.5 | 5.5 | | | | | HDF5 H5AC_unpin_entry use after free | 0.04 | CVE-2021-46242 |
| 191410 | 7.3 | 7.3 | | | | | Mitsubishi Electric MC Works64 improper authentication | 0.03 | CVE-2022-23128 |
| 191409 | 5.5 | 3.7 | | 7.3 | | | Fresenius Kabi Agilia Link+ cleartext transmission | 0.00 | CVE-2021-41835 |
| 191408 | 7.5 | 7.5 | | 7.5 | | | Fresenius Kabi Agilia Link+ resource consumption | 0.06 | CVE-2021-23236 |
| 191407 | 4.3 | 4.3 | | | | | Mitsubishi Electric MC Works64/ICONICS MobileHM Monitoring Screen cross site scripting | 0.05 | CVE-2022-23127 |

12 more entries are not shown
